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Claims: 

1. A method of providing access protection in a digital television distribution 
system having a master headend and at least one local headend, comprising: 

defining first authorization data associated with content services; 

protecting said content services at said master headend; 

protecting said first authorization data at said master headend; and 

generating digital transport stream data from said protected content 
services and said protected authorization data for transmission to each said at 
least one local headend. 

. 2. The method of claim 1, further comprising: 

defining second authorization data associated with said digital transport 
stream data; and 

multiplexing said second authorization data with said digital transport 
stream data. 

3. The method of claim 1, wherein said first authorization data comprises first 
entitlement management messages configured to authorize set-top boxes for 
viewing said content services, and wherein said step of protecting said content 
services comprises encrypting said content services. 

4. The method of claim 3, wherein said step of protecting said first authorization 
data comprises: 

generating at least one service in response to said first entitlement 
management messages; and 

encrypting said at least one service to generate encrypted service data. 

5. The method of claim 4, further comprising: 

defining second entitlement management messages configured to 
authorize receiver circuitry of each said at least one local headend for 
decrypting one or more services of said encrypted service data; and 
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multiplexing said second entitlement management messages with said 
digital transport stream data. 

6. The method of claim 5, further comprising: 

modulating a carrier with said digital transport stream data; 

transmitting said carrier to each said at least one local headend via a 
shared distribution medium; 

demodulating said carrier at each said at least one local headend to 
recover said digital transport stream data; and 

decrypting one or more services of said encrypted service data in 
response to said second entitlement management messages. 

7. The method of claim 6, further comprising: 

modulating a second carrier with said digital transport stream data; and 
transmitting said second carrier over a cable transmission path to set-top 

boxes. 

8. An apparatus for providing access protection in a digital television 
distribution system having a master headend and at least one local headend, 
the apparatus comprising: 

a first conditional access system for defining first authorization data 
associated with content services; 

a first encryption unit, disposed in said master headend, for encrypting 
said content services; 

a second encryption unit, disposed in said master headend, for 
encrypting said first authorization data; and 

a multiplexer for multiplexing said encrypted content services and said 
encrypted first authorization data to generate digital transport stream data for 
transmission to each said at least one local headend over a shared distribution 
medium. 

9. The apparatus of claim 8, further comprising: 
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a second conditional access system for defining second authorization 
data associated with said digital transport stream data; 

where said multiplexer multiplexes said second authorization data with 
said digital transport stream data. 

10. The apparatus of claim 8, wherein said first authorization data comprises 
first entitlement management messages configured to authorize set-top boxes 
for viewing said content services. 

1 1 . The apparatus of claim 1 0, further comprising: 

a second multiplexer for multiplexing said first entitlement management 
messages with control data to generate at least one service; 

where said second encryption unit encrypts said at least one service to 
generate encrypted service data. 

1 2. The apparatus of claim 1 1 , further comprising: 

a second conditional access system for defining second entitlement 
management messages configured to authorize receivers of each said at least 
one local headend for decrypting one or more services of said encrypted 
service data 

wherein said multiplexer multiplexes said second entitlement 
management messages with said digital transport stream data. 

13. The apparatus of claim 8, wherein said shared distribution medium 
comprises at least one of a satellite link, a terrestrial broadcast link, a fiber 
distribution medium, and the Internet. 

14. A digital television distribution system, comprising: 

a master headend for transmitting television signals over a shared 
distribution medium, said master headend comprising: 

a first conditional access system for defining first authorization 
data associated with content services; 

a first encryption unit for encrypting said content services; 
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a second encryption unit for encrypting said first authorization 

data; 

a multiplexer for multiplexing said encrypted content services and 
said encrypted first authorization data to generate digital transport stream 
data; and 

a modulator for modulating a carrier with said digital transport 
stream data; and 

a local headend for receiving said television signals from said satellite, 
said local headend comprising: 

a demodulator for demodulating said carrier to recover said digital 
transport stream data; and 

a decoder for decrypting said first authorization data. 

15. The system of claim 14, wherein said master headend further comprises: 

a second conditional access system for defining second authorization 
data associated with said digital transport stream data; 

where said multiplexer multiplexes said second authorization data with 
said digital transport stream data. 

16. The system of claim 14, wherein said first authorization data comprises first 
entitlement management messages configured to authorize set-top boxes for 
viewing said content services. 

17. The system of claim 16, wherein said master headend further comprises: 

a second multiplexer for multiplexing said first entitlement management 
messages with control data to generate at least one service; 

where said second encryption unit encrypts said at least one service to 
generate encrypted service data. 

18. The system of claim 17, wherein said master headend further comprises: 

a second conditional access system for defining second entitlement 
management messages configured to authorize said decoder of said local 
headend for decrypting one or more services of said encrypted service data 
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wherein said multiplexer multiplexes said second entitlement 
management messages with said digital transport stream data. 

19. The system of claim 14, wherein said shared distribution medium 
comprises at least one of a satellite link, a terrestrial broadcast link, a fiber 
distribution medium, and the Internet. 

20. An apparatus for providing access protection in a digital television 
distribution system having a master headend and at least one local headend, 
the method comprising: 

means for defining first authorization data associated with content 
services; 

means for protecting said content services at said master headend; 
means for protecting said first authorization data at said master headend; 

and 

means for generating digital transport stream data from said protected 
content services and said protected authorization data for transmission to each 
said at least one local headend over a shared distribution medium. 
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